IT Security Weekend Catch Up – November 1, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Massive hack-for-hire scandal rocks Italian political elites
  2. JPMorgan begins suing customers who allegedly stole thousands of dollars in ‘infinite money glitch’
  3. Free, France’s second largest ISP, confirms data breach after leak
  4. Change Healthcare breach hits 100M Americans
  5. Brazen crims selling stolen credit cards on Meta’s Threads
  6. Inside a firewall vendor’s 5-year war with the Chinese hackers hijacking its devices
  7. Microsoft delays Windows Recall again, now by December

For the more technical

  1. We patched CVE-2024-38030, found another Windows Themes spoofing vulnerability
  2. An update on Windows Downdate
  3. A vulnerability in the Common Log File System (CLFS) driver allows a local user to gain elevated privileges on Windows 11
  4. QNAP fixes NAS backup software zero-day exploited at Pwn2Own
  5. Zero-day vulnerabilities in live streaming cameras with the help of AI
  6. RCE vulnerability in QBittorrent
  7. Rare case of privilege escalation patched in LiteSpeed Cache plugin
  8. ChatGPT-4o guardrail jailbreak: Hex encoding for writing CVE exploits
  9. New tool bypasses Google Chrome’s new cookie encryption system
  10. Katz and mouse game: MaaS infostealers adapt to patched Chrome defenses
  11. EmeraldWhale: 15k cloud credentials stolen in operation targeting exposed Git config
  12. The infostealers, RedLine and META, taken down by international coalition
  13. Mishing in motion: Uncovering the evolving functionality of FakeCall malware
  14. Jumpy Pisces engages in Play ransomware
  15. Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
  16. Fog and Akira ransomware targets SonicWall VPNs to breach corporate networks
  17. Hybrid Russian espionage and influence campaign aims to compromise Ukrainian military recruits and deliver anti-mobilization narratives
  18. Inside the open directory of the “You Dun” threat group
  19. CloudScout: Evasive Panda scouting cloud services
  20. Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
  21. New tradecraft of Iranian cyber group Aria Sepehr Ayandehsazan aka Emennet Pasargad (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *